我已经部署了基于Blade CLI blade.rest示例的OSGi模块,并对其进行了修改以返回响应而不是纯文本。这是班级:
package com.autentia.api.rest.users;
import org.osgi.service.component.annotations.Component;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Collections;
import java.util.Set;
@ApplicationPath("/users")
@Component(
immediate = true, property = {"jaxrs.application=true"},
service = Application.class
)
public class UsersRestService extends Application {
@Override
public Set<Object> getSingletons() {
return Collections.singleton(this);
}
@GET
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public Response getUsers(@Context HttpServletRequest request) {
System.out.println(request.getRemoteAddr());
String json = "{\n" + " \"value\": \"ok\"\n" + "}";
return Response
.status(200)
.header("Access-Control-Allow-Origin", "*")
.entity(json)
.build();
}
}
(如果我删除.header("Access-Control-Allow-Origin", "*"),这在本地有用。)
当我向服务器发出请求时,问题出现了响应有两个Access-Control-Access-Origin属性,一个设置为“*”(这是我想要的),一个设置为ip,它已经被发送。答复如下:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Allow-Origin:*
Content-Length:19
Content-Type:application/json
Date:Wed, 12 Apr 2017 15:23:38 GMT
Server:Apache-Coyote/1.1
Set-Cookie:JSESSIONID=CF771CD0FAECDAF226D153FB05875CC3; Path=/; HttpOnly
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Request-URL:http://localhost:8080/o/api/users
X-XSS-Protection:1
如您所见,有两个Access-Control-Allow-Origin不被接受。我该在哪里开始寻找?我应该修改Tomcat的web.xml吗?我查看了portal.properties和system.properties,但我没有看到启用该标题的属性。
感谢。
答案 0 :(得分:1)
在CorsFilter
CATALINA_BASE/conf/web.xml过滤器
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter有文档。
要允许来自任何来源的请求,您可以将其添加到该文件中:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
答案 1 :(得分:1)
正如@sideshowbarker所提到的,关键是编辑位于Liferay的嵌入式Tomcat上的web.xml文件。我应用的配置如下:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:49227</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
之后,我从我正在使用的方法getUsers的响应中删除了标头,并重新启动了Tomcat,以便应用配置。
如果我想允许所有来源或白名单IP,我将不得不更改以下param:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://<IP_TO_WHITELIST>:<PORT></param-value>
</init-param>
或允许所有来源:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>